Millions of Virgin Mobile Accounts Are Vulnerable To Attack
Last month, the Internet watched along in horror as one Wired writer had his entire digital life placed in jeopardy. His iPad, iPhone and MacBook Air were locked down, and his Twitter account, along with the Twitter account for Gizmodo, was taken over and used to broadcast all sorts of idiotic drivel in quick succession.
As he tried to piece together his digital life, Mat Honan had a chance to speak with his teenaged hackers who told him exactly how they were able to take control of his accounts with relative ease. While the hackers were responsible for bringing emotional harm to Honan’s life, it turned out Amazon and Apple didn’t do much to stop them.
This week, another online personality has discovered another incredibly dangerous flaw in the privacy protocols of another company, Virgin Mobile.
When Virgin Mobile customers are asked to create a username and password to gain access to the Virgin Mobile Web site, they are locked into 2 very insecure credentials. First, Virgin doesn’t give customers a choice in selecting a username: It can only be your phone number. Secondly, a customer’s password can only be composed of 6 digits. No more, no less, and no letters or characters can be used.
While some may continue to guard their cell phone numbers, for many they’re as freely given as a handshake, in matters of business or otherwise. It’s because of this easily accessible and wide open piece of data that Kevin Burke, a web designer from Silicon Valley, became alarmed at how vulnerable Virgin Mobile customers’ data can be. What’s even more frightening is Virgin Mobile’s response when Burke brought this terrible gap in security to their attention.
As Burke explains in his blog, limiting customers to a 6-digit (digits-only) account PIN is “horribly insecure.” With only 6 digits, there are around 900,000 possible password combinations for Virgin customers to pick from. To prove just how easy it would be to discover a 6-digit PIN, Burke wrote a script to basically conduct a “brute force” attack on his own account. He was able to do so in a single day.
Once inside a Virgin account, hackers can read call and text logs, change the phone associated with the account, buy a new phone (the price of which would be reflected on the next bill) and even change the PIN and account email address, locking a customer out of their account.
Our phones are with us every day and, as such, end up picking up a lot of details and information about our lives, such as who we’ve been talking to, where we’ve been and who we plan on talking to in the future and where. Imagine how much damage a hacker could do with this kind of sensitive and incredibly personal information.
It was this thought which drove Burke to bring this vulnerability to the attention of Virgin Mobile.
He started low on the chain, reaching out to the company first on Twitter, though the representative didn’t understand the weight of the problem in only 140 characters.
Burke then tried calling various other representatives over the next 2 days, each time being asked to present his username (phone number) and PIN.
Finally, a rep escalated the matter to Sprint Executive and Regulatory Services. An executive from SPRS asked Burke to get in touch, and after Burke explained the gaping hole in the security fence, the Regulatory Services executive promised only to keep the issue moving to another team.
For nearly a month, Burke heard nothing more from the Regulatory Services executive other than that the issue had been passed on to the appropriate team. Frustrated, Burke then told the executive he planned to take this news public if Virgin didn’t announce any plans to resolve the issue. In response, Burke said he received a phone call saying Virgin would take no action to repair this flaw.
Since this story has gone public, Sprint and Virgin have said they have begun to lock people out of accounts after 4 failed attempts, but as Burke points out, anyone can easily sidestep this feature by not using the same cookies for each request.
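The difference between a lockout counter tied to the client's cookie and one kept server-side per account, as an added example (not Burke's script and not Virgin Mobile's code). The class names, the 15-minute lockout window and the sample phone number are assumptions made for illustration; only the 4-attempt threshold comes from the article.

```python
import time

MAX_FAILURES = 4            # lockout threshold reported in the article
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window, not from the article
SAMPLE_ACCOUNT = "5555550100"  # constructed phone-number username

class CookieKeyedLimiter:
    """Weak design: the failure count follows the client's session cookie."""
    def __init__(self):
        self.failures = {}  # cookie -> failed attempts

    def allow(self, account, cookie):
        return self.failures.get(cookie, 0) < MAX_FAILURES

    def record_failure(self, account, cookie):
        self.failures[cookie] = self.failures.get(cookie, 0) + 1

class AccountKeyedLimiter:
    """Hardened design: the count is stored server-side per account."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}     # account -> (failed attempts, locked_until)

    def allow(self, account, cookie=None):
        return self.clock() >= self.state.get(account, (0, 0.0))[1]

    def record_failure(self, account, cookie=None):
        failures, _ = self.state.get(account, (0, 0.0))
        failures += 1
        if failures >= MAX_FAILURES:
            # Threshold reached: lock the account whatever cookie is sent.
            self.state[account] = (0, self.clock() + LOCKOUT_SECONDS)
        else:
            self.state[account] = (failures, 0.0)

    def record_success(self, account):
        self.state.pop(account, None)  # a correct login clears the count

def attempts_accepted(limiter, account, cookies):
    """Count wrong-PIN attempts the limiter lets through, one per cookie given."""
    accepted = 0
    for cookie in cookies:
        if limiter.allow(account, cookie):
            accepted += 1
            limiter.record_failure(account, cookie)
    return accepted

if __name__ == "__main__":
    fresh = [f"session-{i}" for i in range(20)]  # a new cookie on every request
    print(attempts_accepted(CookieKeyedLimiter(), SAMPLE_ACCOUNT, fresh))
    print(attempts_accepted(AccountKeyedLimiter(), SAMPLE_ACCOUNT, fresh))
```

Account-keyed lockout slows guessing, but it also lets anyone who knows the phone number lock the owner out, so it complements a larger password space rather than replacing it.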
So far, neither Sprint nor Virgin has taken any further steps to fix this vulnerability.
“For the moment,” writes Burke, “I suggest vigilance, deleting any credit cards you have stored with Virgin, and considering switching to another carrier.”
redOrbit.com
2012-09-19 21:02:09
